Site Search Navigation

Site Navigation

Site Mobile Navigation

A Tool to Help Secure Your Browser

By Riva Richmond June 15, 2011 6:54 pmJune 15, 2011 6:54 pm

Web browsers are top targets for hackers. They’re abused in more than 90 percent of attacks meant to hit random Internet users (versus more targeted strikes), according to Kaspersky Labs. And more than half of those attacks exploit flaws in browser software and seek to install dangerous malware on computers.

Why all the attention? Because browsers are an easy target. Computer users perennially ignore update reminders and run old versions with well-known security holes. They also use ancient browser plug-ins, which aren’t as easy to update and are often rich with known vulnerabilities. As a result, a whopping 80 percent of computers run outdated, unsecure browsers or plug-ins, according to Qualys, a firm that helps companies manage software vulnerabilities.

To say we make ourselves low-hanging and abundant fruit for hackers is an understatement. But with the help of a new free tool for consumers from Qualys called BrowserCheck, you can make yourself significantly less available for the picking with relative ease.

BrowserCheck works on Windows, Mac OS X and Linux machines and will identify weak spots in the Internet Explorer, Firefox, Safari, Chrome and Opera browsers, and it will help you fix them. It can be especially useful for staying on top of oft-abused plug-ins.

I first used the service in April on my Mac to check my Safari and Firefox browsers. It showed that Safari was one version out of date — not a surprise, since Apple had just released an update that included a fix related to the Comodo imbroglio. To my shame, I had been hitting “Not Now” on an Apple update alert for a couple of days. It also found that my Adobe Flash software was also a bit old. I had the same issues with Firefox, along with one item with a non-security-related update available.

I tackled Flash first, since Adobe products have become favorite targets of attackers in the last couple of years (Sun’s Java has been popular recently). From the Safari report, I hit the “Fix It” button, which took me to the relevant Adobe page for updating Flash Player, where I downloaded the latest version. Restarting my browsers and running scans again showed that Flash was now up-to-date for both my Safari and Firefox browsers.

I ran BrowserCheck more recently and it again alerted me to unsecure Adobe software, suggesting that using the periodically is a good idea even for people who are generally good about downloading most updates.

I also updated Firefox, though thanks to Firefox’s automatic updating, I didn’t have significant problems there. Firefox will automatically check for updates and download minor ones in the background whenever you restart your browser. If it has waited more than 24 hours, it will show a pop-up message asking you to restart Firefox and install the update. Mozilla says Firefox 4 will also help you keep add-ons up-to-date, but not plug-ins like Adobe Flash. Users can go here to check and update plug-ins.

I also used BrowserCheck to update Safari, though that was unnecessary. I still had to download the Apple update I had postponed to get some non-Safari fixes.

This kind of maintenance work is vital for everyone’s safe surfing today, but especially so for Windows users, who are attacked the most by far.

Qualys’ tool can help them, too — particularly with those pesky plug-ins. Easy and painless updates for Windows and other Microsoft software, including Internet Explorer, are available through Microsoft’s automatic Windows Update service. Go to the Microsoft Update Web site to turn on the free service or see if it’s already activated. Then Microsoft updates can literally happen in your sleep.

What's Next

About

Gadgetwise is a blog about everything related to buying and using tech products. From figuring out which gadget to buy and how to get the best deal on it to configuring it once it’s out of the box, Gadgetwise offers a mix of information, analysis and opinion to help you get the most out of your personal tech.